Multitenancy option for server routes.

routes/10-couchproxy.js

@@ -55,5 +55,16 @@ module.exports = function(app, config) {
 
   }
   loadConfigs();
-  app.use('/db/', forward(config.couchDbURL, config, true));
+
+  var forwarded = forward(config.couchDbURL, config, true);
+  app.use('/db/', function (req, res) {
+    if (config.isMultitenancy) {
+      if (req.url.startsWith('/main/')) {
+        var subdomain = req.subdomains.join('.');
+        req.url = '/' + subdomain + req.url.substring(5);
+      }
+    }
+
+    return forwarded(req, res);
+  });
 };

routes/20-searchproxy.js

@@ -44,11 +44,15 @@ function _createMapFunction(type, query) {
   };
 }
 
-function slowSearch(pattern, dburl) {
+function slowSearch(pattern, config) {
   return function(req, res) {
     var model = req.url.match(pattern)[1];
     var parsedURL = url.parse(req.url, true);
-    var searchUrl = dburl + '/main/_temp_view/?include_docs=true';
+    var dbName = "main";
+    if (config.isMultitenancy) {
+      dbName = req.subdomains.join('.');
+    }
+    var searchUrl = config.couchAuthDbURL + '/' + dbName + '/_temp_view/?include_docs=true';
     var query = parsedURL.query.q;
     var queryParts = query.split(' OR ');
     var size =  parsedURL.query.size;
@@ -72,6 +76,6 @@ module.exports = function(app, config) {
   if (config.searchURL) {
     app.use(searchPath, forward(config.searchURL, config));
   } else {
-    app.use(searchPath, slowSearch(/\/hrdb\/(.*)\/_search\?q=(.*)/, config.couchAuthDbURL));
+    app.use(searchPath, slowSearch(/\/hrdb\/(.*)\/_search\?q=(.*)/, config));
   }
 };

routes/30-auth.js

@@ -44,10 +44,27 @@ function validateOAuth(oauth) {
 
 
 
-function getPrimaryRole(user) {
+function getPrimaryRole(config, user, subdomain) {
   var primaryRole = '';
+
   if (user.roles) {
-    user.roles.forEach(function(role) {
+    user.roles.forEach(function (role) {
+
+      var p = role.indexOf('.');
+      if (config.isMultitenancy && p >= 0) {
+
+        var db = role.substr(0, p);
+        console.log(db);
+        if (db !== subdomain) {
+          return;
+        }
+
+        role = role.substr(p + 1);
+
+      } else if (p >= 0) {
+        return;
+      }
+
       if (role !== 'user' && role !== 'admin') {
         primaryRole = role;
       }
@@ -102,7 +119,8 @@ module.exports = function(app, config) {
     });
   }
 
-  function findOAuthUser(accessToken, refreshToken, profile, callback) {
+  function findOAuthUser(request, accessToken, refreshToken, profile, callback) {
+    var hostname = request.query.state;
     var userKey = 'org.couchdb.user:' + profile.emails[0].value;
     users.get(userKey, {}, function(err, body) {
       if (err) {
@@ -148,8 +166,11 @@ module.exports = function(app, config) {
   }
 
   function getSession(req, res, requestOptions, includeOauth) {
-    requestOptions.url = config.couchDbURL +'/_session';
+    var subdomain = req.subdomains.join('.');
+
+    requestOptions.url = config.couchDbURL + '/_session';
     request(requestOptions, function (error, response, body) {
+
       if (error) {
         res.json({error: true, errorResult: error});
       } else {
@@ -164,7 +185,7 @@ module.exports = function(app, config) {
               var response = {
                 displayName: user.displayName,
                 prefix: user.userPrefix,
-                role: getPrimaryRole(user)
+                role: getPrimaryRole(config, user, subdomain)
               };
               if (includeOauth) {
                 response.k =  user.consumer_key;
@@ -192,7 +213,8 @@ module.exports = function(app, config) {
         clientID: config.googleClientId,
         clientSecret: config.googleClientSecret,
         callbackURL: config.serverURL + '/auth/google/callback',
-      }, findOAuthUser)
+        passReqToCallback: true
+    }, findOAuthUser)
   );
 
   // Initialize Passport!  Also use passport.session() middleware, to support
@@ -204,13 +226,15 @@ module.exports = function(app, config) {
   //   request.  The first step in Google authentication will involve
   //   redirecting the user to google.com.  After authorization, Google
   //   will redirect the user back to this application at /auth/google/callback
-  router.get('/auth/google',
-    passport.authenticate('google', {scope: ['https://www.googleapis.com/auth/userinfo.profile',
-                                              'https://www.googleapis.com/auth/userinfo.email',],}),
-    function() {
-      // The request will be redirected to Google for authentication, so this
-      // function will not be called.
-    });
+  router.get('/auth/google', function (req, res) {
+    console.log('google auth request for: ' + req.hostname);
+
+    passport.authenticate('google', {
+      state: req.hostname,
+      scope: ['https://www.googleapis.com/auth/userinfo.profile',
+        'https://www.googleapis.com/auth/userinfo.email',],
+    })(req, res);
+  });
 
   // GET /auth/google/callback
   //   Use passport.authenticate() as route middleware to authenticate the
@@ -221,7 +245,14 @@ module.exports = function(app, config) {
     passport.authenticate('google', {failureRedirect: '/#/login'}),
     function(req, res) {
       var user = req.user;
-      var redirURL = '/#/finishgauth/';
+      var hostname = req.query.state;
+
+      redirURL = '';
+      if (config.isMultitenancy) {
+        redirURL += 'https://' + hostname;
+      }
+
+      redirURL += '/#/finishgauth/';
       redirURL += user.consumer_secret;
       redirURL += '/' + user.token_secret;
       redirURL += '/' + user.consumer_key;